QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9239

Published: Dec 3, 2014

Modified: Sep 16, 2024

PUBLISHED

Description

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/

x_refsource_CONFIRM

20141109 IP.Board <= 3.4.7 SQL Injection

mailing-list

x_refsource_FULLDISC

http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.